CVE-2015-3206 — Vulnetix

CVE-2015-3206 REJECTED

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.

EPSS 1.35% · 80.4th percentile

Risk Scores

EPSS Score

1.35%

80.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	pykerberos	0
Ubuntu:16.04:LTS	pykerberos	0, 1.1.5-0.1build1, 1.1.5-2

Exploit Intelligence

[oss-security] 20150521 CVE-2015-3206 python-kerberos: checkPassword() does not verify KDC authenticity (circl)
https://bugzilla.redhat.com/show_bug.cgi?id=1223802 (circl)
https://pypi.python.org/pypi/kerberos (circl)
74760 (circl)
https://github.com/apple/ccs-pykerberos/issues/31 (circl)

Timeline

Aug 25, 2017 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
Jul 16, 2023 EPSS Score
Sep 7, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2015-3206 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2015-3206 third-party-advisory

Open in Interactive Console →